tests: Check expiration times of created keys.

* tests/gpgscm/ffi.c (do_get_time): New function.
(ffi_init): Expose new function.
* tests/gpgscm/ffi.scm (get-time): Document new function.
* tests/gpgscm/time.scm: New file.
* tests/openpgp/quick-key-manipulation.scm: Use the new facilities to
check the expiration times of created keys.
* tests/openpgp/tofu.scm: Use the new module.

Signed-off-by: Justus Winter <justus@g10code.com>

tests/gpgscm/ffi.c

@@ -501,6 +501,14 @@ do_get_isotime (scheme *sc, pointer args)
   FFI_RETURN_STRING (sc, timebuf);
 }
 
+static pointer
+do_get_time (scheme *sc, pointer args)
+{
+  FFI_PROLOG ();
+  FFI_ARGS_DONE_OR_RETURN (sc, args);
+  FFI_RETURN_INT (sc, gnupg_get_time ());
+}
+
 static pointer
 do_getpid (scheme *sc, pointer args)
 {
@@ -1347,6 +1355,7 @@ ffi_init (scheme *sc, const char *argv0, const char *scriptname,
   ffi_define_function (sc, mkdir);
   ffi_define_function (sc, rmdir);
   ffi_define_function (sc, get_isotime);
+  ffi_define_function (sc, get_time);
   ffi_define_function (sc, getpid);
 
   /* Random numbers.  */

tests/gpgscm/ffi.scm

@@ -47,3 +47,6 @@
 
 ;; Low-level mechanism to terminate the process.
 (ffi-define (_exit status))
+
+;; Get the current time in seconds since the epoch.
+(ffi-define (get-time))

tests/gpgscm/time.scm

@@ -0,0 +1,42 @@
+;; Simple time manipulation library.
+;;
+;; Copyright (C) 2017 g10 Code GmbH
+;;
+;; This file is part of GnuPG.
+;;
+;; GnuPG is free software; you can redistribute it and/or modify
+;; it under the terms of the GNU General Public License as published by
+;; the Free Software Foundation; either version 3 of the License, or
+;; (at your option) any later version.
+;;
+;; GnuPG is distributed in the hope that it will be useful,
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;; GNU General Public License for more details.
+;;
+;; You should have received a copy of the GNU General Public License
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+;; This library mimics what GnuPG thinks about expiration times.
+;; Granularity is one second.  Its focus is not on correctness.
+
+;; Conversion functions.
+(define (minutes->seconds minutes)
+  (* minutes 60))
+(define (hours->seconds hours)
+  (* hours 60 60))
+(define (days->seconds days)
+  (* days 24 60 60))
+(define (weeks->seconds weeks)
+  (days->seconds (* weeks 7)))
+(define (months->seconds months)
+  (days->seconds (* months 30)))
+(define (years->seconds years)
+  (days->seconds (* years 365)))
+
+(define (time-matches? a b slack)
+  (< (abs (- a b)) slack))
+(assert (time-matches? (hours->seconds 1) (hours->seconds 2) (hours->seconds 2)))
+(assert (time-matches? (hours->seconds 2) (hours->seconds 1) (hours->seconds 2)))
+(assert (not (time-matches? (hours->seconds 4) (hours->seconds 1) (hours->seconds 2))))
+(assert (not (time-matches? (hours->seconds 1) (hours->seconds 4) (hours->seconds 2))))

tests/openpgp/quick-key-manipulation.scm

@@ -1,6 +1,6 @@
 #!/usr/bin/env gpgscm
 
-;; Copyright (C) 2016 g10 Code GmbH
+;; Copyright (C) 2016-2017 g10 Code GmbH
 ;;
 ;; This file is part of GnuPG.
 ;;
@@ -18,6 +18,7 @@
 ;; along with this program; if not, see <http://www.gnu.org/licenses/>.
 
 (load (with-path "defs.scm"))
+(load (with-path "time.scm"))
 (setup-environment)
 
  ;; XXX because of --always-trust, the trustdb is not created.
@@ -91,8 +92,9 @@
 
 ;; Make the key expire in one year.
 (call-check `(,@gpg --quick-set-expire ,fpr "1y"))
-;; XXX It'd be nice to check that the value is right.
-(assert (not (equal? "" (expiration-time fpr))))
+(assert (time-matches? (+ (get-time) (years->seconds 1))
+		       (string->number (expiration-time fpr))
+		       (minutes->seconds 5)))
 
 
 ;;
@@ -134,21 +136,29 @@
   (lambda (subkey)
     (assert (= 1 (:alg subkey)))
     (assert (string-contains? (:cap subkey) "s"))
-    (assert (not (equal? "" (:expire subkey)))))
+    (assert (time-matches? (+ (get-time) (days->seconds 2))
+			   (string->number (:expire subkey))
+			   (minutes->seconds 5))))
   (lambda (subkey)
     (assert (= 1 (:alg subkey)))
     (assert (= 1024 (:length subkey)))
     (assert (string-contains? (:cap subkey) "s"))
-    (assert (not (equal? "" (:expire subkey)))))
+    (assert (time-matches? (+ (get-time) (weeks->seconds 2))
+			   (string->number (:expire subkey))
+			   (minutes->seconds 5))))
   (lambda (subkey)
     (assert (= 1 (:alg subkey)))
     (assert (= 2048 (:length subkey)))
     (assert (string-contains? (:cap subkey) "e"))
-    (assert (not (equal? "" (:expire subkey)))))
+    (assert (time-matches? (+ (get-time) (months->seconds 2))
+			   (string->number (:expire subkey))
+			   (minutes->seconds 5))))
   (lambda (subkey)
     (assert (= 1 (:alg subkey)))
     (assert (= 4096 (:length subkey)))
     (assert (string-contains? (:cap subkey) "s"))
     (assert (string-contains? (:cap subkey) "a"))
-    (assert (not (equal? "" (:expire subkey)))))
+    (assert (time-matches? (+ (get-time) (years->seconds 2))
+			   (string->number (:expire subkey))
+			   (minutes->seconds 5))))
   #f))

tests/openpgp/tofu.scm

@@ -18,6 +18,7 @@
 ;; along with this program; if not, see <http://www.gnu.org/licenses/>.
 
 (load (with-path "defs.scm"))
+(load (with-path "time.scm"))
 (setup-environment)
 
 (define GPGTIME 1480943782)
@@ -25,8 +26,6 @@
 ;; Generate a --faked-system-time parameter for a particular offset.
 (define (faketime delta)
   (string-append "--faked-system-time=" (number->string (+ GPGTIME delta))))
-;; A convenience function for the above.
-(define (days->seconds days) (* days 24 60 60))
 
 ;; Redefine GPG without --always-trust and a fixed time.
 (define GPG `(,(tool 'gpg) --no-permission-warning ,(faketime 0)))